CVE-2023-3519

critical

Description

Unauthenticated remote code execution

From the Tenable Blog

CVE-2023-3519: Critical RCE in Netscaler ADC (Citrix ADC) and Netscaler Gateway (Citrix Gateway)

Published: 2023-07-18

Citrix has released a patch fixing a remote code execution vulnerability in several versions of Netscaler ADC and Netscaler Gateway that has been exploited. Organizations are urged to patch immediately.

References

https://www.securityweek.com/citrix-cisco-fortinet-zero-days-among-2023s-most-exploited-vulnerabilities/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.reliaquest.com/blog/inc-ransom-attack-analysis-extortion-methodologies/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a

https://www.tenable.com/blog/aa24-241a-joint-cybersecurity-advisory-on-iran-based-cyber-actors-targeting-us-organizations

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a

https://securityaffairs.com/164838/breaking-news/excobalt-cybercrime-group-targets-russian-orgs.html

https://services.google.com/fh/files/misc/m-trends-2024.pdf

https://therecord.media/xerox-xbs-cyberattack?&web_view=true

https://www.tenable.com/blog/cve-2023-3519-critical-rce-in-netscaler-adc-citrix-adc-and-netscaler-gateway-citrix-gateway

https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467

http://packetstormsecurity.com/files/173997/Citrix-ADC-NetScaler-Remote-Code-Execution.html

Details

Source: Mitre, NVD

Published: 2023-07-19

Updated: 2024-06-27

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical